[issue13647] Python SSL stack doesn't securely validate certificate (as client)

naif report at bugs.python.org
Thu Dec 22 15:34:50 CET 2011 

New submission from naif <naif at globaleaks.org>:

It has been noticed by the well known security researcher Dan Kaminsky (
http://dankaminsky.com/) that Python SSL binding doesn't securely validate a digital certificate while used.

There is a new "match_hostname"http://pypi.python.org/pypi/backports.ssl_match_hostname/ that doesn't implement all the required, standard SSL/TLS Client security checks that should be done.

Dan suggestion to properly implement implement default SSL/TLS Client security check is as follow:

===
Encryption without authentication offers little value; it is the canonical "secure in the absence of an attacker" state.  
Python's SSL/TLS code presently does not authenticate the connection by default.  

There are of course reasons for this:

1) Collecting and maintaining the appropriate SSL/TLS roots is difficult, assuming people are even connecting to globally trusted resources
2) Changing authentication policy silently threatens to break production apps

These are real problems that can't just be waved away.  
In the long run, a more scalable trust distribution system needs to be supported (DNSSEC, most likely) but the present state of affairs remain ugly.  

This is what I would recommend:

A) Integrate the Mozilla CA pack into Python, updating it with each security release.

B) Make certificate validation tristate.  B
y default, it merely emits to stderr an error similar to what happens if deprecated content is included.  
This is vaguely heretical but whatever.  
Then add a couple of API calls:
   a) ValidateCerts, a single call that enables the Mozilla CA pack
   b) AddCert, a single call that declares a particular cert as trusted
   c) AddRoot, a single call that declares a particular root as trusted
   d) DisableValidation, a single call that removes the error
C) Integrate a hooking mechanism to add or replace the certificate validation process.  
Please send this API the name of the host you're attempting to validate, and be sure to allow it to return "I don't know, try your normal validation procedure".

Be sure you include all the necessary checks, including:
A) Expiration
B) SAN/CN
C) Basic Constraints checking
D) Name Constraints

Possibly a future version of Python should _actually_ deprecate non-validating SSL/TLS, but certainly not a security patch.
Too high a risk of breakage.
===

It would be valuable to provide the default SSL/TLS Client verification exactly like Mozilla/Chrome/Curl/Wget does.

----------
components: Library (Lib)
messages: 150094
nosy: naif
priority: normal
severity: normal
status: open
title: Python SSL stack doesn't securely validate certificate (as client)
type: security
versions: Python 2.6, Python 2.7, Python 3.1, Python 3.2, Python 3.3, Python 3.4

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue13647>
_______________________________________

More information about the Python-bugs-list mailing list